* Create rule S6989
* Add content for S6989
* Add documentation link

---------

Co-authored-by: jamie-anderson-sonarsource <jamie-anderson-sonarsource@users.noreply.github.com>
Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com>
11 lines
507 B
Plaintext
==== Exceeding rate limits

Using a leaked secret, an attacker may be able to make hundreds or thousands of
authenticated calls to an online service. It is common for online services to
enforce a rate limit to prevent their servers from being overwhelmed.

If an attacker is able to exceed a user-based rate limit, they may be able to
cause a denial of service for the user. If this continues over a long period of
time, the user may also be subject to additional fees or may have their account
terminated.